Mathematical Problems in Engineering
Volume 2013 (2013), Article ID 165029, 11 pages
A Quantitative Assessment Approach to COTS Component Security
1 School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang 212013, China
2 School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
3 School of Software and Communication Engineering, Jiangxi University of Finance and Economics, Nanchang 330013, China
Received 28 August 2012; Revised 26 December 2012; Accepted 31 December 2012
Academic Editor: Huaguang Zhang
Copyright © 2013 Jinfu Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.